HIGH 7.5

GHSA-wcwp-9rcp-jvfg

Open WebUI Uncontrolled Resource Consumption vulnerability

상세

A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / open-webui

최초 영향 버전: 0

No fixed version published yet for open-webui (pip). Pin to a known-safe version or switch to an alternative.

참고

https://nvd.nist.gov/vuln/detail/CVE-2024-7036 [ADVISORY]
https://github.com/open-webui/open-webui [PACKAGE]
https://huntr.com/bounties/ba62d093-ab27-48fa-9c53-0602c8cdc48a [WEB]